The largest repository of hacker activity and vulnerability data on display » Get the Report from HackerOne!
Welcome Guest | Sign In
TechNewsWorld.com
Researcher Cracks 'Hacker-Proof' Crypto Wallet
March 22, 2018
A virtual currency hardware wallet with millions of users has been compromised. Saleem Rashid explained how he cracked the firmware on the wallet produced by Ledger using what's known as a "supply chain" attack. That means a targeted device is compromised before any users get their hands on it. The attack on Ledger's $100 Nano S wallet creates a backdoor on the device.
Russians Pose as Americans to Steal Data on Social Media
March 8, 2018
Americans have been targeted on social media by Russian agents on a mission to harvest personal information. The agents pretended to work for organizations promoting African-American businesses as a ruse to obtain personal information from black business owners during the 2016 presidential election campaign. Using names like "BlackMattersUS," the agents set up hundreds of social media accounts.
NICE Alliance Aims to Get Smart Cameras to Play Well Together
March 6, 2018
Sony Semiconductor Solutions, Nikon, Foxconn, Scenera and Wistron have formed an alliance to create standards that allow surveillance and IP cameras to play well with each other. The NICE Alliance, unveiled Monday, aims to create a new smart camera ecosystem, along the lines of the mobile ecosystems that have become so familiar. The "NICE" acronym stands for "Network of Intelligent Camera Ecosystem."
Fileless Malware: Why You Should Care
March 2, 2018
It's a truism that just like organizations adapt, so too do criminals. Anyone who has ever seen a Wells Fargo commercial knows that there was a time when stagecoaches were a normative method for transporting cash and valuables. But what modern criminals in their right mind would attempt robbing a Brink's truck on horseback? That strategy might have worked well in the days of the Pony Express.
AI's Malicious Potential Front and Center in New Report
February 22, 2018
As beneficial as AI can be, it has its dark side, too. That dark side is the focus of a new 100-page report. AI will be used by threat actors to expand the scale and efficiency of their attacks, it predicts. They will employ it to compromise physical systems and to broaden their privacy invasion and social manipulation capabilities. Novel attacks are to be expected.
3 Cybersecurity Threats SMB Etailers Should Not Ignore
February 16, 2018
Some small e-commerce website operators may think their relative obscurity offers protection, but the fact is that SMBs are especially vulnerable to cyberattacks and malware. "Very often small businesses don't feel vulnerable to cyberthreats because they assume cybercriminals prefer to launch attacks on large companies," said Stephanie Weagle, VP of Corero.
SentinelOne Debuts Unified OS Threat Protection
February 15, 2018
SentinelOne this week announced a partnership with Microsoft to bolster threat protection for mixed platform users, making computing safer for Linux machines in a multiplatform workplace. SentinelOne will integrate its Endpoint Protection Platform with Microsoft's Windows Defender Advanced Threat Protection service to cover Mac and Linux device platforms.
Leak of Stale iOS Source Code Could Trigger Fresh Problems
February 9, 2018
Apple lawyers have sent a copyright violation notice to Github, following the publication of leaked iOS 9 source code on the site. Though iOS 9 is dated, it's possible that the leaked code could be used to jailbreak older devices or worse. Publication of the code violated Apple's rights under the DMCA, the attorneys wrote, demanding that the iBoot source code be removed.
Open Up the Source Code to Lock Down Your Data
February 8, 2018
Meaningful security is more than an app or an OS. It's a mindset. Linux security tools by themselves will not make you or anyone more secure. Security requires trade-offs in convenience, so the tools I'll highlight here are not recommended as "daily drivers." Only you can determine your ideal balance point. Perhaps the single greatest strength of Linux is that it is open source.
WiFi Routers Riddled With Holes: Report
February 6, 2018
Most WiFi router vendors have not patched numerous firmware vulnerabilities discovered more than two years ago, according to a new report. OEM firmware built into WiFi routers use open source components that contain numerous known security vulnerabilities that can be exploited by hackers. Insignary conducted comprehensive binary code scans for known security vulnerabilities in WiFi routers.
Alphabet's New Chronicle Promises to Speed Threat Data Analysis
January 30, 2018
Alphabet has launched Chronicle, a new cybersecurity venture, following two years of development at the Alphabet X research lab. Chronicle will include VirusTotal, a Google-owned cybersecurity and intelligence platform and malware intelligence service. The idea behind Chronicle stems from the fact that many companies receive many more security alerts per day than they can handle.
Don't Pay the Hackers
January 30, 2018
If you follow security news, you may have noticed a disturbing trend. Last year, we learned that Uber paid attackers $100,000 to keep under wraps their stealth of the personal information of 50 million Uber riders. More recently, we learned that Hancock Health paid approximately $55,000 in bitcoin to bring hospital systems back online. The payment of ransoms could be more common than it appears.
Free Linux Tool Monitors Systems for Meltdown Attacks
January 27, 2018
SentinelOne has released Blacksmith, a free Linux tool that can detect Meltdown vulnerability exploitation attempts. The company has been working on a similar tool to detect Spectre vulnerability attacks. Though free, Blacksmith is not open source. SentinelOne decided to expedite its development in-house to save time, said Raj Rajamani, vice president of product management.
Intel Reports Progress on Patch-Related Performance Issues
January 25, 2018
Intel appears to have encountered some daylight in its struggle to fix performance issues related to the Meltdown and Spectre vulnerabilities. The company has identified the root cause on its older Broadwell and Haswell platforms, according to Navin Shenoy, general manager of Intel's data center group. Intel has begun rolling out a solution to its industry partners for testing, Shenoy said.
Intel, Microsoft, Google Scramble for Solutions as Patches Slow Systems
January 12, 2018
Major tech companies, including Intel, Microsoft and Google, scrambled to calm the mood this week after a large number of computer users reported performance problems linked to security updates for the Spectre and Meltdown vulnerabilities. A firestorm of criticism has erupted over the response to the chip flaws, which researchers at Google's Project Zero discovered in 2016.
Ominous Processor Vulnerabilities Could Put Most Computers at Risk
January 4, 2018
Nearly a dozen cybersecurity researchers this week reported two potentially serious exploits of vulnerabilities that exist in most modern processors. Three teams independently discovered and reported the Meltdown exploit. Two teams independently discovered and reported the Spectre exploit. The Meltdown and Spectre exploits could used to capture sensitive information on devices.
2017 in Tech: The Year of Foreshadowing Big Things to Come
December 29, 2017
2017 may be the year that developments in the tech world truly were overshadowed by other world events: deepening divisions in the United States and the looming threat of war with North Korea; numerous sexual misconduct scandals; terrorist attacks in Europe; and another royal wedding. With all of that going on, it would be easy to overlook Apple's latest iPhone or Nintendo's comeback.
Zealot Loads Cryptocurrency Miner on Linux, Windows Machines
December 22, 2017
A new Apache Struts campaign that researchers named "Zealot" has come to light in recent weeks. Zealot loads Windows or Linux-based machines by installing a miner for Monero, which has become one of the hottest cryptocurrencies used in recent malware attacks. Zealot uses NSA-linked EternalBlue and EternalSynergy exploits, according to the F5 Labs researchers who discovered the campaign.
Full Disclosure Applies to Internal Security Too
December 21, 2017
If you've been keeping up with the news, you've probably noticed a few recent reports about companies that may have been a little less than candid about security issues. For example, we recently learned that Uber experienced a breach in 2016. As we've also learned from subsequent press reports, the company may have paid the attacker to remain silent about that breach.
US Fingers North Korea for WannaCry Epidemic
December 20, 2017
The United States on Tuesday accused North Korea of responsibility for a global ransomware attack that locked down more than 300,000 computers in 150 countries earlier this year. The U.S. now has enough evidence to support its assertion that Pyongyang was behind the WannaCry attack in May, Homeland Security Advisor Tom Bossert told reporters at a White House press briefing.
Oops... Some HP Laptops Shipped With Hidden Keylogger
December 12, 2017
Some HP laptops users came with a preinstalled program to capture the keystrokes of users, a security researcher recently discovered. The researcher, Michael Myng aka "ZwClose," discovered the keylogger software while trying to solve a keyboard problem for a friend. The software is turned off by default. After Myng contacted HP about the program, it quickly released a patch to get rid of it.
Feds: Cloud Cybersecurity Benefits Now Outweigh Risks
December 11, 2017
Many federal government IT managers used to be wary of the shortcomings of migrating to cloud technology because of potential data security problems affecting email, business systems, personal data records and, especially, national security operations. However, after the federal "cloud first" initiative's six-year effort, there are signs that federal IT managers have changed their assessment.
The Return of Industrial Espionage and the Building New Wave of Scandals
December 4, 2017
As powerful men drop like flies due to their inability to resist abusing their authority, it's clear that the problem is widespread. Similarly, it's likely that we'll find the problem of alleged industrial espionage is not limited to Uber. You see, when people misuse authority -- and the sexual harassment problem is a massive misuse of authority -- folks typically don't just misuse it in one area.
Quantum Key Distribution Gets a Speed Boost
November 30, 2017
A method for scrambling data to protect it from the super powerful computers of the future has received a speed boost from a team of researchers from Duke and Ohio State universities and the Oak Ridge National Laboratory. The method uses quantum key distribution to guard data from prying eyes. The problem in the past with the technology is it's slow. Transfer speeds typically are measured in kilobits per second.
MacOS High Sierra Flaw Creates High Anxiety
November 29, 2017
Apple has released a security update to fix a serious flaw revealed via Twitter. The patch is available for macOS High Sierra 10.13.1. macOS 10.12.6 and earlier versions aren't affected. "This morning, as of 8 a.m., the update is available for download, and, starting later today, it will be immediately automatically installed on all systems running MacOS High Sierra 10.13.1," Apple said.
Risky Scripts Pose Threat to Web Surfers, Say Researchers
November 28, 2017
A popular technique used by website operators to observe the keystrokes, mouse movements and scrolling behavior of visitors on Web pages is fraught with risk. The technique offered by a number of service providers uses scripts to capture the activity of a visitor on a Web page, store it on the provider's servers, and play it back on demand for a website's operators.
Offsetting Asymmetry With Automation
November 24, 2017
In the security world, there is a truism that defense is harder than offense because it's an asymmetric playing field. The bad guys need only find one path into an environment -- one place where everything hasn't been done exactly "just so" and perfectly -- while those charged with securing that environment need to protect against intrusions everywhere they have a technology footprint.
BlackBerry: The Most Important Mobile Company of the Future?
November 20, 2017
If you are like many, when you saw this headline you likely were surprised BlackBerry was still around. As BlackBerry phones left the market, the company fell out of sight. However, behind the scenes it has been moving into industries like automotive. Also, it remains the leading vendor providing mobile security to our politicians, military personnel and major corporations.
Newly Revealed Flaw Could Subject IoT Devices to Airborne Attacks
November 17, 2017
Billions of voice-activated IoT devices may be subject to external attack due to BlueBorne vulnerabilities, Armis revealed. Hackers could exploit BlueBorne to mount an airborne attack, using Bluetooth to spread malware and access critical data, including sensitive personal information. More than 20 million Amazon Echo and Google Home smart speakers could have been impacted by the flaws.
Eavesdropper Vulnerability Exposes Hundreds of Mobile Apps
November 10, 2017
Appthority has warned that up to 700 apps in the enterprise mobile environment, including more than 170 that were live in official app stores, could be at risk to due to the Eavesdropper vulnerability. Affected Android apps already may have been downloaded up to 180 million times, the firm said. The vulnerability has resulted in large-scale data exposure.
See More Articles in Cybersecurity Section >>
Facebook Twitter LinkedIn Google+ RSS
What best describes your attitude toward social networks and politics?
The value of engaging in serious political discourse outweighs the negatives.
Most of the political conversations seem overheated and ignorant.
Social networks provide a lot of very good political information from reliable sources.
Almost every political post I see is skewed or totally fake.
Political interactions on social networks simply mirror those in the real world.
Social networks remove inhibitions, bringing out the worst in people and politics.